Browsed byMonth: November 2015

In the wake of the Paris attacks, law enforcement officials everywhere are saying, into every microphone anyone will point at them, that they need backdoors into our encrypted communications. Because terror! Fear! They won’t mention this possibly relevant point: The terrorists did not even use encryption.

This just puts an exclamation point on the fact that these people are simply using fear of a recurrence of what just happened to do something they think will make their jobs easier. It won’t make their jobs any easier, but it will surely work against dissent and whistle-blowing. It will also make everyone less safe. There is no such thing as an encryption backdoor for law-enforcement that will not also provide easy access for criminals.

If you run or support Windows systems, you are missing a bet if you do not use the suite of Sysinternals tools by Mark Russinovich.

He just released a new version of a tool called Sigcheck. So simple! Sigcheck reports on the file version number, timestamp information, and digital signature details, including certificate chains. You can also check a file’s status on VirusTotal, and upload a file for scanning there. It runs at the command line and is a self-contained EXE, so it’s portable as soon as you get it.

How obvious a sanity check is this? Run this against the Windows directory and establish a baseline when you install fresh, or immediately pinpoint anything suspicious to investigate further should there be a possible compromise.

Another one of the easy things you can do to be sure you have a clean system.